Welcome to Splunk Answers, a Q&A forum for users to find answers to questions about deploying, managing, and using Splunk products. Contributors of all backgrounds and levels of expertise come here to find solutions to their issues, and to help other users in the Splunk community with their own questions.

This quick tutorial will help you get started with key features to help you find the answers you need. You will receive 10 karma points upon successful completion!

People who like this

1 Answer

...| eval group1=if(match(fieldName,"A.*"),1,0) | eval group2=if(match(fieldName,"B.*"),1,0) | eval group3=if(match(fieldName,"C.*"),1,0) | stats count by group*
The A.*, B.*, & C.* should be regular expressions that match the value of FieldName to the desired/correct group number.
The stats group* will do the count for each group.
The "..." Is where you put your foot search.